Malicious domain name detection method based on associated information extraction
To improve the accuracy of malicious domain name detection based on the associated information, a detection method combining resolution information and query time was proposed.Firstly, the resolution information was mapped to nodes and edges in a heterogeneous information network, which improved the...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2021-10-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2021181/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539250732924928 |
|---|---|
| author | Bin ZHANG Renjie LIAO |
| author_facet | Bin ZHANG Renjie LIAO |
| author_sort | Bin ZHANG |
| collection | DOAJ |
| description | To improve the accuracy of malicious domain name detection based on the associated information, a detection method combining resolution information and query time was proposed.Firstly, the resolution information was mapped to nodes and edges in a heterogeneous information network, which improved the utilization rate.Secondly, considering the problem of high computational complexity in extracting associated information with matrix multiplication, an efficiency breadth-first network traversal algorithm based on meta-path was proposed.Then, the query time was used to detect the domain names lacking meta-path information, which improved the coverage rate.Finally, domain names were vectorized by representation learning with adaptive weight.The Euclidean distance between domain name feature vectors was used to quantify the correlation between domain names.Based on the vectors learned above, a supervised classifier was constructed to detect malicious domain names.Theoretical analysis and experimental results show that the proposed method preforms well in extraction domain name associated information.The coverage rate and F1 score are 97.7% and 0.951 respectively. |
| format | Article |
| id | doaj-art-ca1ddff85b514643b6098d9b592454a3 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2021-10-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-ca1ddff85b514643b6098d9b592454a32025-01-14T07:22:58ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2021-10-014216217259745455Malicious domain name detection method based on associated information extractionBin ZHANGRenjie LIAOTo improve the accuracy of malicious domain name detection based on the associated information, a detection method combining resolution information and query time was proposed.Firstly, the resolution information was mapped to nodes and edges in a heterogeneous information network, which improved the utilization rate.Secondly, considering the problem of high computational complexity in extracting associated information with matrix multiplication, an efficiency breadth-first network traversal algorithm based on meta-path was proposed.Then, the query time was used to detect the domain names lacking meta-path information, which improved the coverage rate.Finally, domain names were vectorized by representation learning with adaptive weight.The Euclidean distance between domain name feature vectors was used to quantify the correlation between domain names.Based on the vectors learned above, a supervised classifier was constructed to detect malicious domain names.Theoretical analysis and experimental results show that the proposed method preforms well in extraction domain name associated information.The coverage rate and F1 score are 97.7% and 0.951 respectively.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2021181/malicious domain name detectionheterogeneous information networkdomain name resolution informationquery timerepresentation learning |
| spellingShingle | Bin ZHANG Renjie LIAO Malicious domain name detection method based on associated information extraction Tongxin xuebao malicious domain name detection heterogeneous information network domain name resolution information query time representation learning |
| title | Malicious domain name detection method based on associated information extraction |
| title_full | Malicious domain name detection method based on associated information extraction |
| title_fullStr | Malicious domain name detection method based on associated information extraction |
| title_full_unstemmed | Malicious domain name detection method based on associated information extraction |
| title_short | Malicious domain name detection method based on associated information extraction |
| title_sort | malicious domain name detection method based on associated information extraction |
| topic | malicious domain name detection heterogeneous information network domain name resolution information query time representation learning |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2021181/ |
| work_keys_str_mv | AT binzhang maliciousdomainnamedetectionmethodbasedonassociatedinformationextraction AT renjieliao maliciousdomainnamedetectionmethodbasedonassociatedinformationextraction |